use existing oauth grant for public client (#31015)
Do not try to create a new authorization grant when one exists already,
thus preventing a DB-related authorization issue.
Fix https://github.com/go-gitea/gitea/pull/30790#issuecomment-2118812426
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 9c8c9ff6d10b35de8d2d7eae0fc2646ad9bbe94a)
(cherry picked from commit 07fe5a8b13
)
This commit is contained in:
parent
02474498b1
commit
97a0d90c39
|
@ -544,7 +544,13 @@ func GrantApplicationOAuth(ctx *context.Context) {
|
||||||
ctx.ServerError("GetOAuth2ApplicationByClientID", err)
|
ctx.ServerError("GetOAuth2ApplicationByClientID", err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
grant, err := app.CreateGrant(ctx, ctx.Doer.ID, form.Scope)
|
grant, err := app.GetGrantByUserID(ctx, ctx.Doer.ID)
|
||||||
|
if err != nil {
|
||||||
|
handleServerError(ctx, form.State, form.RedirectURI)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
if grant == nil {
|
||||||
|
grant, err = app.CreateGrant(ctx, ctx.Doer.ID, form.Scope)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
handleAuthorizeError(ctx, AuthorizeError{
|
handleAuthorizeError(ctx, AuthorizeError{
|
||||||
State: form.State,
|
State: form.State,
|
||||||
|
@ -553,6 +559,15 @@ func GrantApplicationOAuth(ctx *context.Context) {
|
||||||
}, form.RedirectURI)
|
}, form.RedirectURI)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
} else if grant.Scope != form.Scope {
|
||||||
|
handleAuthorizeError(ctx, AuthorizeError{
|
||||||
|
State: form.State,
|
||||||
|
ErrorDescription: "a grant exists with different scope",
|
||||||
|
ErrorCode: ErrorCodeServerError,
|
||||||
|
}, form.RedirectURI)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if len(form.Nonce) > 0 {
|
if len(form.Nonce) > 0 {
|
||||||
err := grant.SetNonce(ctx, form.Nonce)
|
err := grant.SetNonce(ctx, form.Nonce)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
|
Loading…
Reference in New Issue